Comments 4

If we look at the WordPress default database structure, we can see "user_login" field has a character limit of 60. So the username can be maximum of 60 characters.

For "user_pass", the field character limit is 255 but there is a tricky thing. WordPress NEVER stores your password in plain text format. It encrypts the password with MD5 hashing algorithm. The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number.

So theoretically you do not have any limit for the length of your password. The longer the password, the more memory your server will need to process that. But PHP contains some safety checks on the maximum request size to avoid malicious users from filling up your memory. As long as your server is able to handle insane amount of load, sky is your limit for passwords.

What would you say would be an "industry-standard" in this regard for max for each, in a practical sense? It does not matter at all to me. Of course it's probably crazy to have a password of dozens of characters long as well as the max 60 chars for username; but I would love to hear your opinion.

What would you say would be an "industry-standard" in this regard for max for each, in a practical sense?

I don't thinks there is some "industry-standard" for this when it comes to lengths. Password should be safe. This (shorter password) $%#e$5rRT is safer than qazxswedcvfr because it's harder to break.
I personally use 20 to 26 chars for passwords. With upper, lower, numbers and other chars in random order.

With regards to taking up a lot of memory, why would even the max length take up any significant amount of memory? Isn't it only stored on one record in the WP database?

Yes, but like Rupok said before it is encrypted password with MD5 hashing algorithm. And to process algorithm you need memory (computer need memory) - more advanced algorithm, more complicated then it needs more resources. If you are interested in this subject there is RTC about the MD5 http://www.faqs.org/rfcs/rfc1321.html

How do you rate me?

Thank you for rating your experience!

We’re thrilled to hear you had a great experience with . Would you like to leave a comment about your experience?
Thanks for voting on your experience with , we’d love to get some feedback please.
Ohh no! We’re really sorry to hear you didn’t have a pleasant experience with , we’re always looking at how we can improve and would appreciate you provide some further feedback here please.
Type your feedback here

it's great that you had a positive one. Based on your experience in this ticket would you please be kind enough to rate us externally on: